[snip] > > If this allows a DoS attack, then this is a very real security problem. > > Why should it? Even if there is a verifiable bug allowing time/memory > limits to be exceeded when header() goes into an infinite loop, how could > someone exploit this from the outside? If a scripter is letting any random > web visitor put their script into an infinite loop, then the results are at > *least* as much the scripter's fault as PHP's. [snip] > > As far as I can tell, the only security problem here is the usual one: > figuring out who is clueful enough and responsible enough to be trusted > with access to operations which can compromise the server.
A coder could do a lot more damage to a server, than a DoS, if they had access the PHP. Oh! The fun I would have if I was malicious (but I'm not BTW). There's more at stake than a simple DoS if someone can upload a PHP script to a server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
